- From: Alexey Melnikov <alexey.melnikov@isode.com>
- Date: Sun, 12 Jun 2011 17:18:11 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: http-auth@ietf.org, y.oiwa@aist.go.jp, Sean Turner <turners@ieca.com>, public-identity@w3.org, websec@ietf.org, saag@ietf.org
Julian Reschke wrote: > On 2011-06-09 16:31, Yutaka OIWA wrote: > >> ... >> password stealing, session hijack, and phishing. Currently, the HTTP >> core protocol only provides basic plaintext password authentication >> and MD5-based hashed password authentication, both of which are >> ... > > That's kind of misleading; the core HTTP protocol doesn't define any > concrete authentication schemes at all; it just offers a framework > (header fields, status codes etc). > > > ... > >> Both BoF and possible future working group expect well coordination >> with W3C's effort on the related topics. It shall also be in >> coordination with related IETF working groups, including websec, abfab >> and oauth. >> ... > > I believe you need to add HTTPbis. +1. I would also add Kitten.
Received on Sunday, 12 June 2011 16:19:13 UTC